lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHsH6Gt4EqSz6TrQa+JKG98y8CUTtOM8=dfCVy0fZ8pwXJr1pw@mail.gmail.com>
Date: Mon, 27 Jan 2025 11:24:02 -0800
From: Eyal Birger <eyal.birger@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: luto@...capital.net, wad@...omium.org, oleg@...hat.com, ldv@...ace.io, 
	mhiramat@...nel.org, andrii@...nel.org, jolsa@...nel.org, 
	alexei.starovoitov@...il.com, olsajiri@...il.com, cyphar@...har.com, 
	songliubraving@...com, yhs@...com, john.fastabend@...il.com, 
	peterz@...radead.org, tglx@...utronix.de, bp@...en8.de, daniel@...earbox.net, 
	ast@...nel.org, andrii.nakryiko@...il.com, rostedt@...dmis.org, rafi@....io, 
	shmulik.ladkani@...il.com, bpf@...r.kernel.org, linux-api@...r.kernel.org, 
	linux-trace-kernel@...r.kernel.org, x86@...nel.org, 
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] seccomp: passthrough uretprobe systemcall without filtering

Hi Kees,

On Mon, Jan 20, 2025 at 1:34 PM Kees Cook <kees@...nel.org> wrote:
>
> On Sat, Jan 18, 2025 at 07:39:25PM -0800, Eyal Birger wrote:
> > Alternatively, maybe this syscall implementation should be reverted?
>
> Honestly, that seems the best choice. I don't think any thought was
> given to how it would interact with syscall interposers (including
> ptrace, strict mode seccomp, etc).

I don't know if you noticed Andrii's and others' comments on this [1].

Given that:
- this issue requires immediate remediation
- there seems to be pushback for reverting the syscall implementation
- filtering uretprobe is not within the capabilities of seccomp without this
  syscall (so reverting the syscall is equivalent to just passing it through
  seccomp)

is it possible to consider applying this current fix, with the possibility of
extending seccomp in the future to support filtering uretprobe if deemed
necessary (for example by allowing userspace to define a stricter policy)?

Thanks,
Eyal.

[1] https://lore.kernel.org/lkml/20250121182939.33d05470@gandalf.local.home/T/#me2676c378eff2d6a33f3054fed4a5f3afa64e65b

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ